The man page and many other sources clearly say:
• Real user ID and real group ID. These IDs determine who owns the
  process. A process can obtain its real user (group) ID using
  getuid(2) (getgid(2)).
• Effective user ID and effective group ID. These IDs are used by the
  kernel to determine the permissions that the process will have when
  accessing shared resources
So it should be quite clear that eUID controls the actual permissions. But the following test says otherwise:
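
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>

    int main(void)
    {
        uid_t uid;
        uid_t euid;

        /* IDs as started: real = invoking user, effective = file owner (set-user-ID) */
        uid = getuid();
        euid = geteuid();
        printf("uid1=%i euid1=%i\n", uid, euid);
        system("ls /root");

        /* Swap the real and effective user IDs */
        if (setreuid(euid, uid) != 0) {
            perror("setreuid");
            return 1;
        }
        uid = getuid();
        euid = geteuid();
        printf("uid2=%i euid2=%i\n", uid, euid);
        system("ls /root");
        return 0;
    }
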
Building and running the test:

    cc -Wall tst.c
    sudo chown root:root a.out
    sudo chmod u+s a.out
    ./a.out
    uid1=500 euid1=0
    ls: cannot open directory '/root': Permission denied
    uid2=0 euid2=500
    Desktop Templates

So we see that with eUID=0 the listing failed, but succeeded when UID became 0 (and eUID was intentionally changed to 500).
So from this test it's quite clear that UID does the actual checking. Can someone please make sense of that?
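
An in-process version of the same check, added here as an example and not part of the original post: it opens the directory with opendir(3), which the kernel checks against the effective UID, and compares that with access(2), which by design checks against the real UID. The post's test instead goes through system(), which runs the command via /bin/sh, and shells such as bash reset the effective UID to the real UID at startup unless started with -p. The helper names can_open_dir, real_uid_can_read and report are made up for this example; build and install it like the test above (chown root, chmod u+s).

```c
/* Added example, not from the original post. Helper names are hypothetical. */
#include <dirent.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* opendir(3) happens inside this process, with no shell in between,
 * so the kernel checks it against the effective UID. */
int can_open_dir(const char *path)
{
    DIR *d = opendir(path);
    if (d == NULL)
        return 0;
    closedir(d);
    return 1;
}

/* access(2) is the documented exception: it checks with the real UID. */
int real_uid_can_read(const char *path)
{
    return access(path, R_OK) == 0;
}

/* Print both IDs next to both check results for one path. */
void report(const char *label, const char *path)
{
    printf("%s: uid=%ld euid=%ld opendir=%d access=%d\n", label,
           (long)getuid(), (long)geteuid(),
           can_open_dir(path), real_uid_can_read(path));
}

int main(void)
{
    const char *path = "/root";          /* same directory the post lists */
    uid_t uid = getuid(), euid = geteuid();

    report("before swap", path);
    if (setreuid(euid, uid) != 0) {      /* same swap as in the post */
        perror("setreuid");
        return 1;
    }
    report("after swap", path);
    return 0;
}
```
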